By .default, Snap packages have little access to the alternative directory and run it from there. system. The package creators themselves are able to switch on certain access to resources. Furthermore, the user mode tools for managing Snaps allow refinement of these options. For example, the Snap Store allows users to switch the permissions of an application on and off to access the network, audio facilities and the home folder, among other resources.
Snap has a small problem with its sandboxing because it was created by Canonical and designed to work, first and foremost, within Ubuntu Linux. For this reason, it uses a system called AppArmour for its security features, meaning that distributions that use a different security system (such as SELinux) don’t have all of the same security features when working with Snaps.